<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>OAuth2 授权服务器</title>
    <style>
        * {
            margin: 0;
            padding: 0;
            box-sizing: border-box;
        }
        
        body {
            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', sans-serif;
            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
            min-height: 100vh;
            padding: 40px 20px;
        }
        
        .container {
            max-width: 900px;
            margin: 0 auto;
            background: white;
            border-radius: 20px;
            box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
            padding: 50px;
        }
        
        .header {
            text-align: center;
            margin-bottom: 40px;
        }
        
        .header .logo {
            font-size: 4em;
            margin-bottom: 20px;
        }
        
        .header h1 {
            color: #333;
            font-size: 2.5em;
            margin-bottom: 10px;
        }
        
        .header p {
            color: #666;
            font-size: 1.2em;
        }
        
        .info-card {
            background: #f8f9fa;
            border-radius: 15px;
            padding: 30px;
            margin: 25px 0;
            border-left: 5px solid #667eea;
        }
        
        .info-card h2 {
            color: #667eea;
            font-size: 1.5em;
            margin-bottom: 15px;
            display: flex;
            align-items: center;
        }
        
        .info-card h2:before {
            content: "•";
            font-size: 1.5em;
            margin-right: 10px;
        }
        
        .endpoint-list {
            list-style: none;
            margin-top: 15px;
        }
        
        .endpoint-list li {
            padding: 12px 0;
            border-bottom: 1px solid #e0e0e0;
            display: flex;
            align-items: center;
        }
        
        .endpoint-list li:last-child {
            border-bottom: none;
        }
        
        .endpoint-list li:before {
            content: "→";
            color: #667eea;
            font-weight: bold;
            margin-right: 12px;
        }
        
        .code-box {
            background: #2d2d2d;
            color: #f8f8f2;
            padding: 15px;
            border-radius: 10px;
            font-family: 'Courier New', monospace;
            font-size: 0.9em;
            overflow-x: auto;
            margin: 15px 0;
        }
        
        .btn {
            display: inline-block;
            padding: 15px 35px;
            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
            color: white;
            text-decoration: none;
            border-radius: 50px;
            font-size: 1.1em;
            font-weight: 600;
            transition: all 0.3s;
            border: none;
            cursor: pointer;
            margin: 10px;
        }
        
        .btn:hover {
            transform: translateY(-2px);
            box-shadow: 0 10px 25px rgba(102, 126, 234, 0.4);
        }
        
        .btn-danger {
            background: linear-gradient(135deg, #eb3349 0%, #f45c43 100%);
        }
        
        .user-info {
            background: #e8f5e9;
            border-left: 5px solid #4caf50;
            padding: 20px;
            border-radius: 10px;
            margin: 25px 0;
        }
        
        .user-info h3 {
            color: #2e7d32;
            margin-bottom: 15px;
        }
        
        .user-detail {
            display: flex;
            padding: 10px 0;
            border-bottom: 1px solid #c8e6c9;
        }
        
        .user-detail:last-child {
            border-bottom: none;
        }
        
        .user-detail .label {
            font-weight: 600;
            color: #555;
            min-width: 100px;
        }
        
        .user-detail .value {
            color: #333;
        }
        
        .footer {
            text-align: center;
            margin-top: 40px;
            padding-top: 30px;
            border-top: 2px solid #f0f0f0;
            color: #999;
        }
    </style>
</head>
<body>
    <div class="container">
        <div class="header">
            <div class="logo">🔐</div>
            <h1>OAuth2 授权服务器</h1>
            <p>企业级安全授权解决方案</p>
        </div>
        
        <!-- 已登录用户信息 -->
        <div sec:authorize="isAuthenticated()" class="user-info">
            <h3>✅ 已登录</h3>
            <div class="user-detail">
                <div class="label">用户名:</div>
                <div class="value" sec:authentication="name"></div>
            </div>
            <div class="user-detail">
                <div class="label">权限:</div>
                <div class="value" sec:authentication="authorities"></div>
            </div>
        </div>
        
        <!-- OAuth2 端点说明 -->
        <div class="info-card">
            <h2>OAuth2 标准端点</h2>
            <ul class="endpoint-list">
                <li><strong>授权端点:</strong> GET /oauth2/authorize</li>
                <li><strong>令牌端点:</strong> POST /oauth2/token</li>
                <li><strong>JWK Set:</strong> GET /oauth2/jwks</li>
                <li><strong>用户信息:</strong> GET /userinfo</li>
                <li>
                    <strong>服务发现:</strong> 
                    <a href="/.well-known/oauth-authorization-server" 
                       style="color: #667eea; text-decoration: none;"
                       target="_blank">
                        GET /.well-known/oauth-authorization-server
                    </a>
                </li>
            </ul>
        </div>
        
        <!-- 测试说明 -->
        <div class="info-card">
            <h2>快速测试</h2>
            <p style="color: #666; margin-bottom: 15px;">
                使用以下URL开始OAuth2授权流程：
            </p>
            <div class="code-box">http://localhost:9000/oauth2/authorize?response_type=code&client_id=oauth2-client&scope=openid%20profile%20message.read%20message.write&redirect_uri=http://localhost:8080/callback&state=xyz</div>
            <p style="color: #666; margin-top: 15px;">
                <strong>测试账号:</strong> user/password 或 admin/password
            </p>
        </div>
        
        <!-- 配置信息 -->
        <div class="info-card">
            <h2>配置信息</h2>
            <ul class="endpoint-list">
                <li><strong>服务器端口:</strong> 9000</li>
                <li><strong>客户端ID:</strong> oauth2-client</li>
                <li><strong>客户端密钥:</strong> secret</li>
                <li><strong>回调地址:</strong> http://localhost:8080/callback</li>
                <li><strong>令牌有效期:</strong> 30分钟</li>
            </ul>
        </div>
        
        <!-- 操作按钮 -->
        <div style="text-align: center; margin-top: 40px;">
            <div sec:authorize="isAnonymous()">
                <a href="/login" class="btn">🔑 登录</a>
            </div>
            <div sec:authorize="isAuthenticated()">
                <form th:action="@{/logout}" method="post" style="display: inline;">
                    <button type="submit" class="btn btn-danger">🚪 登出</button>
                </form>
            </div>
        </div>
        
        <div class="footer">
            <p>Spring Authorization Server 1.2.3 | Spring Security 6.x</p>
            <p style="margin-top: 10px;">OAuth 2.0 & OpenID Connect 1.0</p>
        </div>
    </div>
</body>
</html>

